[VOIPSEC] Re: Voipsec Digest, Vol 5, Issue 14

Robert Moskowitz rgm at icsalabs.com
Thu May 26 15:55:55 EDT 2005


At 12:13 PM 5/26/2005, Dave Field wrote:
>It may be trivial to impersonate traffic, but if it doesn't make sense in 
>the context of the current communication, it will be rejected.

It is not trivial to impersonate traffic with proper 802.11i deployments.

>WPA2 (now 802.11i) provides protection against replay attacks by changing 
>its IV periodically.

Like every packet?  Actually, for CCMP, IV is incorrect term as CCM is a 
duo-mode of operation based on counter-mode.  (I teach modes of operation 
for block ciphers in my cryptography class).

>It also uses 128-bit AES encryption. I am confident that it will be the 
>standard promulgated by Cisco now that it has been ratified. If you need 
>to know more, Google '802.11i replay attack'.

Cisco is already putting it into products.

>WPA now, that is a different kettle of fish!

WPA **IS** 802.11i draft 3 with obvious errors corrected.

It is just that the WiFi certification did not require including CCMP in 
WPA products, and many vendors did not.

WPA2 **IS** ratified 802.11i  I have reported a couple of errors in their 
certification that they have addressed.


Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
VoIP:   248-291-0713
E:      rgm at icsalabs.com

There's no limit to what can be accomplished if it doesn't matter who gets 
the credit






More information about the Voipsec mailing list